Vulnerabilities > Squid Cache > Squid > 4.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-27 | CVE-2016-2572 | Improper Input Validation vulnerability in Squid-Cache Squid http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 5.0 |
| 2016-02-27 | CVE-2016-2571 | Improper Input Validation vulnerability in Squid-Cache Squid http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 5.0 |
| 2016-02-27 | CVE-2016-2570 | Improper Input Validation vulnerability in Squid-Cache Squid The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | 5.0 |
| 2016-02-27 | CVE-2016-2569 | Improper Input Validation vulnerability in Squid-Cache Squid Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | 5.0 |